Skip to content

Latest commit

 

History

History
22 lines (15 loc) · 813 Bytes

SECURITY.md

File metadata and controls

22 lines (15 loc) · 813 Bytes

Security Policy

Supported Versions

For now, only the latest released version will receive security updates.

Reporting a Vulnerability

Even though synth is a command line tool without special privileges and usually won't touch sensitive data (unless perhaps for import), we take our users' security seriously.

If you found a vulnerability, please send an email to [email protected]. Please include the synth version, operating system and CPU architecture you use as well as the steps to exploit.

We will try to get back to you in a timely manner, at least within a week. This should include either a due date for a fix or a rejection should we not agree that what was reported is in fact a vulnerability.

Once the vulnerability is fixed, we will file for a CVE in cooperation with the reporter.